This is one of the larger batches of fixes that Google has produced for Chrome recently. The company releases frequent updates for the browser and often will push out a new version with only a handful of security patches. But Chrome 37 includes 50 patches, a huge number by any measure. The most notable vulnerability patched in this version is actually a combo platter of several flaws that can be used to escape the Chrome sandbox and gain remote code execution.

The group of vulnerabilities earned the security researcher who reported them a $30,000 bug bounty from Google, one of the higher rewards that the company has given to a researcher outside of its Pwnium competitions. Google’s bug bounties typically fall into the $1,000-$5,000 range, but the company’ security team sometimes will award significantly higher rewards to researchers who report especially critical or creative bugs.

This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.